A possible problem I see with that implementation is that it is not certain that every posted add-on can, and will be evaluated by a moderator. This could be because the mod(s) don't own a required hardware device, or might simply not be interested or motivated to install that particular plugin to test it.
But I support and understand the idea behind it, this trying to prevent malicious or nonsense postings of add-ons.
The verification is to prevent spams, and also floodgate. i do trust the community for providing quality addons without malicious intent. But ofc, humans are complicated and it is not easy to trust them by nature.
I suggest another approach for this.
Make it mandatory to post an introductory- and explanatory post, including the download link in the forum.
Don't you think that is a bit of stretch! And besides it will require a human to verify the forum post. I have made support/discussion link mandatory for addons that are beta. but to make it fully mandatory might be too much. ofc if others agrees i will make the changes otherwise i would prefer not to.
Implement a standard delay of e.g. 48 hours before an added plugin is visible for normal users.
That will give it a valid period for the plugin to be screened at least a little bit with the help and feedback from the community.
If after these 48 hours passed, the plugin has not been reported to be malicious or nonsense, nor by forum posts, nor by a report to the mods, it will become visible in the download area automatically.
The worst that might happen, is that a malicious/nonsense add-on is posted, that it is not responded to by anyone in these 48 hours, and gets published automatically.
I have another suggestion that might help to cover that (rather unlikely) possibility, namely by giving each and every published add-on a visual indicator (I can't find the right word, 'stamp?') naming it 'unverified', just explaining that it has not yet been tested for functionality or viruses.
Currently unverified add-ons are completely invisible to users BUT they can still access them if they got direct link.
All non-verified addon will show warning. They are invisible but if someone visit them by direct links the addon page will show warning.
If an addon is rejected the download link won't show. only the warning message. Members can re-submit rejected add-ons for re-verification.
and if an addon is soft deleted(mods can only soft delete, only admin can permanently delete them or they will be automatically deleted in a week/days by server) they will throws a red error. admin/mod will be able to undelete as well.
The mods will be able to see a list of yet unverified add-ons, and can remove that 'unverified tag' either by own assessment, by responses from forum members, or after personal note or request from the creator of that add-on. It would also allow for bypassing the 48hours waiting time.
I believe such a system would also be much easier for the mods to handle than trying out and test all add-ons by themselves.
mods/admin can see non verified addons and approve them, soft delete, reject them.
You can currently sort YOUR OWN SUBMITTED addons by status
I am also working on moderator and admin center now, it will bring some extra features for mods as well. Viewing all deleted, rejected, waiting for approval is also coming for mods as well.
I like the idea of involving community to vote for safe and unsafe addons. It sounds like steam greenlight.
But ofc it can also have some negative effect aswell, like users reporting an safe addon as virus just for fun or maybe their shitty antivirus said so. or maybe spam addons got accepted because mods were not online for 48hours or so.
